Purchase the Download: Member US $25 | Non-Member US $60
Purchase in Book Format: Member US $35 | Non-Member US $70
Purchase Japanese Download: Member US $25 | Non-Member US $60
Provide feedback on this document
View News Release
Visit the Sarbanes-Oxley (SOX) Knowledge Center community
This publication provides CIOs, IT managers, and control and assurance professionals with scoping and assessment ideas, approaches and guidance in support of the IT-related Committee of Sponsoring Organizations of the Treadway Commission (COSO) internal control objectives for financial reporting. Enhancements include:
- The requirements of the PCAOB’s Auditing Standard No. 5 (AS 5)
- Mappings of the role of the COSO framework and its relationship to COBIT 5
- Detailed examples of application controls
- Issues in using SSAE 16 SOC 1 Examination reports
- IT Sarbanes-Oxley compliance road map
The third edition of IT Control Objectives for Sarbanes-Oxley: Using COBIT 5 in the Design and Implementation of Internal Controls Over Financial Reporting accommodates new and revised guidance and standards from ISACA, the PCAOB and the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board (ASB). Further, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) recently published a revised edition of its Internal Control—Integrated Framework, which is adopted by most SEC registrants. The third edition of IT Control Objectives for Sarbanes-Oxley is not a rewrite, but is a major upgrade to the successful second edition. This guide is not an assessment of an enterprise's governance of enterprise IT (GEIT); rather it provides guidance on a focused topic—the assessment of effectiveness of internal control over financial reporting.
The IT Governance Institute, ISACA and the contributors of IT Control Objectives for Sarbanes-Oxley have designed this publication primarily as a reference for executive management and IT control professionals, including IT management and assurance professionals, when evaluating an organization's IT controls required by the US Sarbanes-Oxley Act of 2002.